Data Broker Discloses A Major Breach Of App User Data

A subsidiary of a leading US location data broker, Unacast, has informed the Norwegian national Data Protection Authority, Datatilsynet, that it has been as breached is a severe incident. 

According to reports, the hack might have resulted in the theft of precise location data for millions of smartphone users. 

The subsidiary, named Gravy Analytics, told Datatilsynet that a  hacker accessed its Amazon Web Services (AWS) cloud storage environment. In its incident  report, Datatilsynet says that the breach involved the theft of information from a Gravy Analytics web server using a "misappropriated" key.  

While the breach report contains only a few details of the incident, hackers have claimed on a Russian cyber crime forum to have stolen a vast amount of data.  “The unauthorised person obtained some files, but the contents of those files and whether they contain personal data remains under investigation,” the breach report says.  If personal data was obtained it is ‘likely associated with users of third-party services that supply this data to Gravy Analytics,’ Datatilsynet's  report says.  

The hacked data appears to have originated in thousands of apps that Gravy Analytics drew data from, including Tinder, Grindr, Candy Crush and several religious and pregnancy tracking apps. A preliminary investigation showed that some of the stolen files "could contain personal data."

Unacast also owns Venntel, a data broker that also provides the US government with location data. In December 2024 the Federal Trade Commission (FTC) ruled that Gravy Analytics and Venntel violated the FTC Act by unfairly selling non-anonymised consumer location data. The FTC also alleged the firms used that data without obtaining “verifiable user consent for commercial and government uses.”  

Gravy Analytics apparently continued to gather and use consumers’ location data even after realising it did not give “informed consent” for the collection, the FTC said.  

The FTC order is notable because it sets new limits on law enforcement usage of the companies’ location data for investigative purposes. Law enforcement and intelligence agencies have acknowledged that they obtain data from brokers that historically would only have been available with a warrant. 

404Media   |    Datatilsynet   |    NRK   |  Record   |      

Image: Ideogram

You Might Also Read:  

A Guide to Understanding Market-Leading Data Storage Solutions:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« EU To Strengthen Cyber Defence In Healthcare  
Remote Deletion Of Malware Enforced On Thousands Of Computers  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

British Insurance Brokers’ Association (BIBA)

British Insurance Brokers’ Association (BIBA)

BIBA is the UK’s leading general insurance intermediary organisation. Use the ‘Find Insurance‘ section of the BIBA website to find providers of cyber risk insurance in the UK.

Perspective Risk

Perspective Risk

Perspective Risk provides penetration testing, security assessments, risk management & compliance solutions, InfoSec training and consultancy services.

Uniken

Uniken

Uniken REL-ID is a safe, simple, and scalable security platform that tightly integrates your identity, authentication, and channel security.

Bit4id

Bit4id

Bit4id provides technologies for electronic signature, online authentication, cybersecurity and all other services based on the concept of digital identity.

Telspace Africa

Telspace Africa

Telspace Africa provide the highest level of IT security solutions including advisory, penetration testing, vulnerability assessments, red teaming, social engineering and training.

Picasso

Picasso

The Picasso project is focused on ICT Policy, Research and Innovation for a Smart Society: towards new avenues in EU-US ICT collaboration.

DataSunrise

DataSunrise

DataSunrise Data-Centric high-performance security software protects the sensitive data in real-time in cloud or on premises, and helps organizations to stay compliant.

NetDiligence

NetDiligence

NetDiligence is a privately-held cyber risk assessment and data breach services company.

Core Security

Core Security

Core Security provides threat-aware identity, access, authentication and vulnerability management solutions.

Rewertz

Rewertz

Rewterz is a cyber security company based out of Dubai, serving customers in UAE, Oman, Qatar, Bahrain, Saudi Arabia, and Pakistan.

Arcanum Information Security (AIS)

Arcanum Information Security (AIS)

Arcanum Information Security is a specialist Information Assurance Consultancy and a leading provider of Cyber Security services to UK Defence, UK Government, Enterprise businesses and SMEs.

Montimage

Montimage

Montimage develops tools for testing and monitoring networks, applications and services; in particular, for the verification of functional, performance (QoS/QoE) and security aspects.

Pires Investments

Pires Investments

Pires is building an investment portfolio of high-tech businesses across areas such as Artificial Intelligence, Internet of Things, Cyber Security and Augmented/Virtual Reality.

Netstar

Netstar

Netstar is an IT Support company based in Central London providing fully managed IT Support, Cyber Security and Technology Consulting services.

SOC Prime

SOC Prime

SOC Prime is the only Threat Detection Marketplace where researchers monetize their content to help security teams defend against attacks easier, faster and more efficiently than ever.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.